<?
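/**
 * Fetch product rows from 2011_Products, optionally restricted to one user.
 *
 * @param mixed $User_id Value matched against the User_id column; null means no filter.
 * @return mixed The return value of $conn->query() for the SELECT. The connection
 *               is not closed here.
 */
function GetAll($User_id)
{
        $conn = getConnection();

        $sql = '
                SELECT P.id, P.PName, P.Description, P.Supplier, P.Price
                FROM 2011_Products P
                ';
        if(isset($User_id))
        {
                // The value used to be spliced into the statement unquoted, so any
                // caller-supplied text became part of the SQL. Escaping AND quoting
                // keeps it a literal; both are needed, escaping alone does not
                // protect an unquoted value.
                // NOTE(review): escaping relies on the connection charset set up in
                // getConnection() (not visible here); bound parameters via
                // mysqli::prepare() are the sturdier long-term form.
                $safeUserId = mysqli_real_escape_string($conn, $User_id);
                $sql .= " WHERE User_id='$safeUserId' ";
        }
        // The leftover debug `echo $sql;` was removed: it printed the raw query
        // (table and column names) into whatever response the caller was building.
        return $conn->query($sql);
}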
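/**
 * Load a single row from 2011_Products by id.
 *
 * @param mixed $id Value matched against the id column.
 * @return array|null Associative row, or null when no row matches or the query fails.
 */
function Get($id)
{
        $conn = getConnection();
        // Escape and quote the id so it is always treated as a literal value
        // rather than as SQL text.
        // NOTE(review): there is no ownership (User_id) check in this function;
        // presumably the caller enforces access - confirm.
        $safeId = mysqli_real_escape_string($conn, $id);
        $result = $conn->query("SELECT * FROM 2011_Products WHERE id='$safeId'");
        // query() yields false on failure; calling fetch_assoc() on it was a
        // fatal error that also skipped the close() below.
        $rs = $result ? $result->fetch_assoc() : null;
        $conn->close();
        return $rs;
}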
/**
 * Produce an empty record, used as the starting point for a new row.
 *
 * @return array Always an empty array.
 */
function Blank()
{
        $emptyRecord = array();
        return $emptyRecord;
}

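/**
 * Insert the record into 2011_Purchase (when it carries an id) or into
 * 2011_Products (when it does not).
 *
 * @param array $rs Record, passed by reference. When it has no id and the insert
 *                  succeeds, $rs['id'] is set to the generated key.
 * @return array|null array('Server Error' => message) on failure, null on success.
 */
function Save2(&$rs)
{
        $conn = getConnection();
        // Escape into a separate copy so the caller's record is never left in its
        // escaped form; every value below is both escaped and single-quoted.
        $esc = EscapeAll($conn, $rs);
        if(isset($esc['id']))    // id present: record a row in 2011_Purchase
        {
                $sql =  "INSERT INTO 2011_Purchase (User_id, PName,Supplier, Size, Color, Price) "
                .     "Values ('$esc[User_id]','$esc[PName]', '$esc[Supplier]','$esc[Size]','$esc[Color]', '$esc[Price]')";
        }else{                   // no id: add a new row to 2011_Products
                $sql =  "INSERT INTO 2011_Products (User_id, PName, Supplier, Size, Color, Price) "
                .     "Values ('$esc[User_id]','$esc[PName]', '$esc[Supplier]','$esc[Size]','$esc[Color]','$esc[Price]')";
        }
        $conn->query($sql);
        $error = $conn->error;
        // Only adopt the generated key when the insert worked. Previously a failed
        // insert stored insert_id (0) as the id, so the next save of the same
        // record took the "id present" branch.
        if(!$error && !isset($rs['id']))
        {
                $rs['id'] = $conn->insert_id;
        }
        $conn->close();
        // NOTE(review): the raw driver message is handed back to the caller; if it
        // is shown to end users it discloses schema details - confirm how it is rendered.
        if($error)
                return array('Server Error' => $error);
        else
                return null;
}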
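/**
 * Update an existing 2011_Products row (record has an id) or insert a new one.
 *
 * @param array $rs Record, passed by reference. After a successful insert,
 *                  $rs['id'] is set to the generated key.
 * @return array|null array('Server Error' => message) on failure, null on success.
 */
function Save(&$rs)
{
        $conn = getConnection();
        // Escape into a separate copy; the caller's record keeps its raw values.
        $esc = EscapeAll($conn, $rs);
        if(isset($esc['id']))    // Editing
        {
                // Every value is escaped AND quoted. Price and id used to be
                // interpolated bare, where escaping gives no protection because
                // there is no string literal to break out of.
                // Column fixes: 'Description' in single quotes is a string literal,
                // not a column, so the old UPDATE could not parse.
                // NOTE(review): `Name` was changed to `PName` to match the SELECT
                // and INSERT on this table - confirm against the schema.
                $sql =  "UPDATE 2011_Products SET "
                .       " `PName`='$esc[PName]',"
                .       " `Description`='$esc[Description]',"
                .       " `Supplier`='$esc[Supplier]',"
                .       " `Price`='$esc[Price]'"
                .       " WHERE id='$esc[id]'"
                ;
        }else{                   // Adding
                $sql =  "INSERT INTO 2011_Products (PName, Description, Supplier, Price) "
                .     "Values ('$esc[PName]', '$esc[Description]','$esc[Supplier]','$esc[Price]')";
        }
        $conn->query($sql);
        $error = $conn->error;
        // Adopt the generated key only when the insert succeeded; a failed insert
        // used to leave id = 0 on the record.
        if(!$error && !isset($rs['id']))
        {
                $rs['id'] = $conn->insert_id;
        }
        $conn->close();
        if($error)
                return array('Server Error' => $error);
        else
                return null;
}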
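/**
 * Delete the 2011_Purchase row with the given id.
 *
 * @param mixed $id Value matched against the id column.
 * @return array|null array('Server Error' => message) on failure, null on success.
 */
function Delete($id)
{
        $conn = getConnection();
        // The id was interpolated unquoted, so extra SQL in it could widen the
        // DELETE beyond one row. Escaped and quoted, it is only ever a literal.
        // NOTE(review): nothing here ties the row to the requesting user;
        // presumably the caller checks ownership - confirm.
        $safeId = mysqli_real_escape_string($conn, $id);
        $conn->query("DELETE FROM 2011_Purchase WHERE id='$safeId'");
        $error = $conn->error;
        $conn->close();
        if($error)
                return array('Server Error' => $error);
        else
                return null;
}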
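/**
 * Validate a record before it is saved.
 *
 * @param array $rs Record to check.
 * @return array|null Map of validation errors, or null when there are none.
 */
function Validate($rs)
{
        // $errors was never initialised, so count() received null: a warning on
        // older PHP and a TypeError on PHP 8.
        $errors = array();

        // NOTE(review): no field checks are implemented, so every record passes.
        // Type and range checks on the fields used by the save functions
        // (e.g. Price, id) belong here.
        if(count($errors) == 0)
                return null;
        return $errors;
}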
/**
 * Return a copy of the record with every value passed through the
 * connection's string escaping. Keys are preserved.
 *
 * The result is only safe inside quoted SQL string literals; escaping does
 * nothing for a value interpolated without surrounding quotes.
 *
 * @param mysqli $conn Open connection used for escaping.
 * @param array  $rs   Record whose values are escaped.
 * @return array Escaped copy of $rs.
 */
function EscapeAll($conn, $rs)
{
        $escaped = array();
        foreach($rs as $field => $raw)
        {
                $escaped[$field] = $conn->real_escape_string($raw);
        }
        return $escaped;
}
